On Sunday morning I started receiving hundreds of spam emails into my personal Google account. As a precaution I changed passwords to all finance related sites and rode the wave out (marking all as Spam).
Yesterday the wave is over and I got an “order despatched” email from Tesla, with a wall charger ordered and paid from my account (US - although I’m in the UK) and with the receiver address somewhere on Southeast street Washingon US. That raised a few eyebrows and I started connecting the dots.
I checked my bank account, and indeed Tesla withdrawn about £380 (plus a foreign currency fee) on Sunday mid-day.
I emailed Tesla back to stop the order and checked the Fedex tracking number.
Today someone in Tesla responded saying the order didn’t ship yet, they will hold it and reimburse me.
This is all to do with a simpler password I had set to the Tesla account, for simplicity of logging onto the many apps I have tried. On Tesla’s suggestion I’ve now reset it and switched to 2 factor authentication, which I didn’t even know it is possible (it wasn’t when I registered).
I suggest you do the same, Tesla apparently isn’t asking for the 3 digit CVC code on new orders and the hacker’s strategy almost worked - which was to flood my account so I don’t observe the order until it’s too late.
Yesterday the wave is over and I got an “order despatched” email from Tesla, with a wall charger ordered and paid from my account (US - although I’m in the UK) and with the receiver address somewhere on Southeast street Washingon US. That raised a few eyebrows and I started connecting the dots.
I checked my bank account, and indeed Tesla withdrawn about £380 (plus a foreign currency fee) on Sunday mid-day.
I emailed Tesla back to stop the order and checked the Fedex tracking number.
Today someone in Tesla responded saying the order didn’t ship yet, they will hold it and reimburse me.
This is all to do with a simpler password I had set to the Tesla account, for simplicity of logging onto the many apps I have tried. On Tesla’s suggestion I’ve now reset it and switched to 2 factor authentication, which I didn’t even know it is possible (it wasn’t when I registered).
I suggest you do the same, Tesla apparently isn’t asking for the 3 digit CVC code on new orders and the hacker’s strategy almost worked - which was to flood my account so I don’t observe the order until it’s too late.
